Compare commits
80 Commits
Author | SHA1 | Date | |
---|---|---|---|
95ef8d2f66 | |||
8354afb237 | |||
55c2bd4c8d | |||
2745e352f9 | |||
5c17fcbd2d | |||
3fa34c3993 | |||
09b833a39f | |||
aae96be073 | |||
db6703d593 | |||
0b2e37c5fa | |||
b1a43444b1 | |||
ce48eec66c | |||
2f28e05210 | |||
03c06ce6ee | |||
c22906c943 | |||
7db4b129d8 | |||
96735f7a3f | |||
840f3629bc | |||
4f89c4f67e | |||
f4861fc0a6 | |||
6065471faa | |||
1824d25c63 | |||
dda2fe89a2 | |||
3ae7fcf67e | |||
26bf4a2096 | |||
39af684fb7 | |||
6a6a488abd | |||
4660131d3a | |||
d8b0857bb5 | |||
9bbec96481 | |||
32400cb845 | |||
d8c901424c | |||
c1480a8403 | |||
3897553eb4 | |||
8b257378b8 | |||
b17c4b2709 | |||
257b710ce3 | |||
19f52d682e | |||
c67d5aee47 | |||
7d3bd3a728 | |||
|
79b3a32763 | ||
f84934fc9f | |||
07dff137bd | |||
4bbaf632be | |||
ad74e4c750 | |||
3f8b039d8a | |||
9e232de5a7 | |||
e8836162eb | |||
e7c3e1eed2 | |||
6321f2a36e | |||
5b76f14734 | |||
fe000e168f | |||
802144ecb6 | |||
c884417347 | |||
802fb5fa72 | |||
1d5c60b126 | |||
907d20cf3a | |||
d84c0b939d | |||
1e73f8da8c | |||
cdcd75e20d | |||
b0074be80e | |||
662d16db2c | |||
2770d0990f | |||
|
eeb1f834c7 | ||
|
f6ec2e72ea | ||
|
a95fad071a | ||
|
8a2e3f0c93 | ||
|
925289b675 | ||
|
79497476c2 | ||
|
318c638df7 | ||
607a9374db | |||
e6060ff9bc | |||
205b780ace | |||
26d4a5019b | |||
|
750dc27d46 | ||
|
b8e7b41ad1 | ||
|
756f50f416 | ||
|
9925b775f5 | ||
|
f06d6831e4 | ||
|
83c561fc1d |
@ -1,17 +1,43 @@
|
|||||||
---
|
---
|
||||||
all:
|
all:
|
||||||
hosts:
|
hosts:
|
||||||
prusa.lan:
|
router:
|
||||||
iron-man.lan:
|
ansible_host: 192.168.50.2
|
||||||
router.lan:
|
vars:
|
||||||
|
ip: 2
|
||||||
|
mac: 2c:b0:5d:4a:72:62
|
||||||
|
bender:
|
||||||
|
ansible_host: 192.168.50.3
|
||||||
|
home-assistant:
|
||||||
|
ansible_host: 192.168.60.100
|
||||||
|
uatu:
|
||||||
|
ansible_host: 192.168.50.106
|
||||||
|
dymo:
|
||||||
|
ansible_host: 192.168.50.109
|
||||||
|
node-cluster:
|
||||||
|
ansible_host: 192.168.50.151
|
||||||
|
remote_server:
|
||||||
|
ansible_host:
|
||||||
|
ansible_become_password:
|
||||||
|
ansible_user: ubuntu
|
||||||
|
children:
|
||||||
|
raspberry:
|
||||||
|
hosts:
|
||||||
|
dymo:
|
||||||
|
uatu:
|
||||||
|
lan:
|
||||||
|
hosts:
|
||||||
|
bender:
|
||||||
|
home-assistant:
|
||||||
|
prusa:
|
||||||
|
|
||||||
children:
|
children:
|
||||||
docker_cluster:
|
docker_cluster:
|
||||||
hosts:
|
hosts:
|
||||||
node-01.lan:
|
node-cluster:
|
||||||
ansible_host: 192.168.50.101
|
ubuntu:
|
||||||
node-02.lan:
|
hosts:
|
||||||
ansible_host: 192.168.50.102
|
uatu:
|
||||||
node-03.lan:
|
debian:
|
||||||
ansible_host: 192.168.50.103
|
hosts:
|
||||||
node-x86.lan:
|
dymo:
|
||||||
ansible_host: 192.168.50.186
|
|
||||||
|
@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
- hosts: localhost
|
|
||||||
roles:
|
|
||||||
- desktop
|
|
29
main.yml
29
main.yml
@ -1,22 +1,25 @@
|
|||||||
---
|
---
|
||||||
- hosts: iron-man.lan
|
|
||||||
roles:
|
|
||||||
- ssh
|
|
||||||
- ubuntu
|
|
||||||
|
|
||||||
- hosts: prusa.lan
|
|
||||||
roles:
|
|
||||||
- ssh
|
|
||||||
- octoprint
|
|
||||||
- ubuntu
|
|
||||||
|
|
||||||
- hosts: docker_cluster
|
- hosts: docker_cluster
|
||||||
roles:
|
roles:
|
||||||
|
- node_explorer
|
||||||
- ssh
|
- ssh
|
||||||
- docker-cluster
|
- docker-cluster
|
||||||
- ubuntu
|
- ubuntu
|
||||||
|
|
||||||
- hosts: router.lan
|
- hosts: remote_server
|
||||||
roles:
|
roles:
|
||||||
- router
|
- docker
|
||||||
|
|
||||||
|
- hosts: uatu.lan
|
||||||
|
roles:
|
||||||
|
- db-backup
|
||||||
|
- ssh
|
||||||
|
- ubuntu
|
||||||
|
- docker
|
||||||
|
- duplicity
|
||||||
|
- node_explorer
|
||||||
|
|
||||||
|
- hosts: dymo
|
||||||
|
roles:
|
||||||
|
- ssh
|
||||||
|
- cups-server
|
||||||
|
153
roles/cups-server/files/cupsd.conf
Normal file
153
roles/cups-server/files/cupsd.conf
Normal file
@ -0,0 +1,153 @@
|
|||||||
|
#
|
||||||
|
# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a
|
||||||
|
# complete description of this file.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Log general information in error_log - change "warn" to "debug"
|
||||||
|
# for troubleshooting...
|
||||||
|
LogLevel warn
|
||||||
|
PageLogFormat
|
||||||
|
|
||||||
|
# Specifies the maximum size of the log files before they are rotated. The value "0" disables log rotation.
|
||||||
|
MaxLogSize 0
|
||||||
|
|
||||||
|
# Default error policy for printers
|
||||||
|
ErrorPolicy retry-job
|
||||||
|
|
||||||
|
# Allow remote access
|
||||||
|
Port 631
|
||||||
|
Listen /run/cups/cups.sock
|
||||||
|
|
||||||
|
# Show shared printers on the local network.
|
||||||
|
Browsing Yes
|
||||||
|
BrowseLocalProtocols dnssd
|
||||||
|
|
||||||
|
# Default authentication type, when authentication is required...
|
||||||
|
DefaultAuthType Basic
|
||||||
|
|
||||||
|
# Web interface setting...
|
||||||
|
WebInterface Yes
|
||||||
|
|
||||||
|
# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
|
||||||
|
IdleExitTimeout 60
|
||||||
|
|
||||||
|
# Restrict access to the server...
|
||||||
|
<Location />
|
||||||
|
# Allow remote access...
|
||||||
|
Order allow,deny
|
||||||
|
Allow all
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# Restrict access to the admin pages...
|
||||||
|
<Location /admin>
|
||||||
|
Order allow,deny
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# Restrict access to configuration files...
|
||||||
|
<Location /admin/conf>
|
||||||
|
AuthType Default
|
||||||
|
Require user @SYSTEM
|
||||||
|
Order allow,deny
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# Restrict access to log files...
|
||||||
|
<Location /admin/log>
|
||||||
|
AuthType Default
|
||||||
|
Require user @SYSTEM
|
||||||
|
Order allow,deny
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# Set the default printer/job policies...
|
||||||
|
<Policy default>
|
||||||
|
# Job/subscription privacy...
|
||||||
|
JobPrivateAccess default
|
||||||
|
JobPrivateValues default
|
||||||
|
SubscriptionPrivateAccess default
|
||||||
|
SubscriptionPrivateValues default
|
||||||
|
|
||||||
|
# Job-related operations must be done by the owner or an administrator...
|
||||||
|
<Limit Create-Job Print-Job Print-URI Validate-Job>
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
|
||||||
|
Require user @OWNER @SYSTEM
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
<Limit CUPS-Get-Document>
|
||||||
|
AuthType Default
|
||||||
|
Require user @OWNER @SYSTEM
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
# All administration operations require an administrator to authenticate...
|
||||||
|
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
|
||||||
|
AuthType Default
|
||||||
|
Require user @SYSTEM
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
# All printer operations require a printer operator to authenticate...
|
||||||
|
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
|
||||||
|
AuthType Default
|
||||||
|
Require user @SYSTEM
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
# Only the owner or an administrator can cancel or authenticate a job...
|
||||||
|
<Limit Cancel-Job CUPS-Authenticate-Job>
|
||||||
|
Require user @OWNER @SYSTEM
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
<Limit All>
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
</Policy>
|
||||||
|
|
||||||
|
# Set the authenticated printer/job policies...
|
||||||
|
<Policy authenticated>
|
||||||
|
# Job/subscription privacy...
|
||||||
|
JobPrivateAccess default
|
||||||
|
JobPrivateValues default
|
||||||
|
SubscriptionPrivateAccess default
|
||||||
|
SubscriptionPrivateValues default
|
||||||
|
|
||||||
|
# Job-related operations must be done by the owner or an administrator...
|
||||||
|
<Limit Create-Job Print-Job Print-URI Validate-Job>
|
||||||
|
AuthType Default
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
|
||||||
|
AuthType Default
|
||||||
|
Require user @OWNER @SYSTEM
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
# All administration operations require an administrator to authenticate...
|
||||||
|
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
|
||||||
|
AuthType Default
|
||||||
|
Require user @SYSTEM
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
# All printer operations require a printer operator to authenticate...
|
||||||
|
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
|
||||||
|
AuthType Default
|
||||||
|
Require user @SYSTEM
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
# Only the owner or an administrator can cancel or authenticate a job...
|
||||||
|
<Limit Cancel-Job CUPS-Authenticate-Job>
|
||||||
|
AuthType Default
|
||||||
|
Require user @OWNER @SYSTEM
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
<Limit All>
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
</Policy>
|
12
roles/cups-server/tasks/config.yml
Normal file
12
roles/cups-server/tasks/config.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
- name: copy mysql backup
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: "cupsd.conf"
|
||||||
|
dest: "/etc/cups/cupsd.conf"
|
||||||
|
owner: root
|
||||||
|
mode: '0600'
|
||||||
|
|
||||||
|
- name: restart cups
|
||||||
|
systemd:
|
||||||
|
name: cups
|
||||||
|
state: restarted
|
15
roles/cups-server/tasks/install.yml
Normal file
15
roles/cups-server/tasks/install.yml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
- become: yes
|
||||||
|
block:
|
||||||
|
- name: install needed packages
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
pkg:
|
||||||
|
- cups
|
||||||
|
- printer-driver-dymo
|
||||||
|
|
||||||
|
- name: add current user to lpadmin group
|
||||||
|
user:
|
||||||
|
name: "{{ ansible_user_id }}"
|
||||||
|
append: yes
|
||||||
|
groups: lpadmin
|
4
roles/cups-server/tasks/main.yml
Normal file
4
roles/cups-server/tasks/main.yml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
- import_tasks: install.yml
|
||||||
|
|
||||||
|
- import_tasks: config.yml
|
23
roles/db-backup/files/mysql-backup.sh
Executable file
23
roles/db-backup/files/mysql-backup.sh
Executable file
@ -0,0 +1,23 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
HOST=192.168.50.100
|
||||||
|
USER=root
|
||||||
|
PASS=
|
||||||
|
DEST=/srv/backup/db/mysql
|
||||||
|
|
||||||
|
DATABASES=$(mysql -h $HOST -u $USER -p$PASS -s -N -e "SHOW DATABASES;")
|
||||||
|
DIR="${DEST}/$(date +"%F")"
|
||||||
|
mkdir -p "$DIR"
|
||||||
|
|
||||||
|
for db in $DATABASES; do
|
||||||
|
FILE="${DIR}/$db.sql.gz"
|
||||||
|
echo "backing up $db to $FILE"
|
||||||
|
|
||||||
|
[ "$db" != "information_schema" ] && [ "$db" != "mysql" ] && [ "$db" != "performance_schema" ] && [ "$db" != "sys" ] || continue
|
||||||
|
# Be sure to make one backup per day
|
||||||
|
[ -f $FILE ] && continue
|
||||||
|
|
||||||
|
mysqldump --single-transaction --routines --quick -h $HOST -u $USER -p$PASS -B "$db" | gzip > "$FILE"
|
||||||
|
done
|
24
roles/db-backup/files/postgres-backup.sh
Executable file
24
roles/db-backup/files/postgres-backup.sh
Executable file
@ -0,0 +1,24 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
HOST=192.168.50.100
|
||||||
|
PORT=5432
|
||||||
|
USER=postgres
|
||||||
|
PASS=
|
||||||
|
DEST=/srv/backup/db/postgres
|
||||||
|
|
||||||
|
DATABASES=$(PGPASSWORD="$PASS" psql -h $HOST -p $PORT -U $USER -l -t | cut -d'|' -f1 | sed -e 's/ //g' -e '/^$/d')
|
||||||
|
DIR="${DEST}/$(date +"%F")"
|
||||||
|
mkdir -p "$DIR"
|
||||||
|
|
||||||
|
for db in $DATABASES; do
|
||||||
|
FILE="${DIR}/$db.sql.gz"
|
||||||
|
echo "backing up $db to $FILE"
|
||||||
|
|
||||||
|
[ "$db" != "postgres" ] && [ "$db" != "template0" ] && [ "$db" != "template1" ] || continue
|
||||||
|
# Be sure to make one backup per day
|
||||||
|
[ -f $FILE ] && continue
|
||||||
|
|
||||||
|
PGPASSWORD="$PASS" pg_dump --username=$USER --host=$HOST --port=$PORT "$db" | gzip > "$FILE"
|
||||||
|
done
|
24
roles/db-backup/files/postgres-backup2.sh
Executable file
24
roles/db-backup/files/postgres-backup2.sh
Executable file
@ -0,0 +1,24 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
HOST=192.168.50.100
|
||||||
|
PORT=5433
|
||||||
|
USER=postgres
|
||||||
|
PASS=
|
||||||
|
DEST=/srv/backup/db/postgres
|
||||||
|
|
||||||
|
DATABASES=$(PGPASSWORD="$PASS" psql -h $HOST -p $PORT -U $USER -l -t | cut -d'|' -f1 | sed -e 's/ //g' -e '/^$/d')
|
||||||
|
DIR="${DEST}/$(date +"%F")"
|
||||||
|
mkdir -p "$DIR"
|
||||||
|
|
||||||
|
for db in $DATABASES; do
|
||||||
|
FILE="${DIR}/$db.sql.gz"
|
||||||
|
echo "backing up $db to $FILE"
|
||||||
|
|
||||||
|
[ "$db" != "postgres" ] && [ "$db" != "template0" ] && [ "$db" != "template1" ] || continue
|
||||||
|
# Be sure to make one backup per day
|
||||||
|
[ -f $FILE ] && continue
|
||||||
|
|
||||||
|
PGPASSWORD="$PASS" pg_dump --username=$USER --host=$HOST --port=$PORT "$db" | gzip > "$FILE"
|
||||||
|
done
|
9
roles/db-backup/tasks/account.yml
Normal file
9
roles/db-backup/tasks/account.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
- name: create db-backup account
|
||||||
|
become: yes
|
||||||
|
user:
|
||||||
|
name: "{{ account.name }}"
|
||||||
|
comment: "{{ account.comment }}"
|
||||||
|
system: yes
|
||||||
|
password_lock: yes
|
||||||
|
home: "{{ account.home }}"
|
23
roles/db-backup/tasks/copy-scripts.yml
Normal file
23
roles/db-backup/tasks/copy-scripts.yml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
- name: copy mysql backup
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: "mysql-backup.sh"
|
||||||
|
dest: "{{ account.home }}/mysql-backup.sh"
|
||||||
|
owner: "{{ account.name }}"
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: copy postgres backup
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: "postgres-backup.sh"
|
||||||
|
dest: "{{ account.home }}/postgres-backup.sh"
|
||||||
|
owner: "{{ account.name }}"
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: copy postgres backup
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: "postgres-backup2.sh"
|
||||||
|
dest: "{{ account.home }}/postgres-backup2.sh"
|
||||||
|
owner: "{{ account.name }}"
|
||||||
|
mode: '0755'
|
36
roles/db-backup/tasks/install.yml
Normal file
36
roles/db-backup/tasks/install.yml
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
---
|
||||||
|
- become: yes
|
||||||
|
block:
|
||||||
|
- name: install needed tools
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
pkg:
|
||||||
|
- postgresql-client-common
|
||||||
|
- mysql-client-8.0
|
||||||
|
|
||||||
|
- name: Add cron task for backup mysql
|
||||||
|
become: yes
|
||||||
|
ansible.builtin.cron:
|
||||||
|
user: "{{ account.name }}"
|
||||||
|
name: "Backup mysql"
|
||||||
|
minute: "0"
|
||||||
|
hour: "4"
|
||||||
|
job: "{{ account.home }}/mysql-backup.sh"
|
||||||
|
|
||||||
|
- name: Add cron task for backup postgres
|
||||||
|
become: yes
|
||||||
|
ansible.builtin.cron:
|
||||||
|
user: "{{ account.name }}"
|
||||||
|
name: "Backup postgres"
|
||||||
|
minute: "10"
|
||||||
|
hour: "4"
|
||||||
|
job: "{{ account.home }}/postgres-backup.sh"
|
||||||
|
|
||||||
|
- name: Add cron task for backup postgres2
|
||||||
|
become: yes
|
||||||
|
ansible.builtin.cron:
|
||||||
|
user: "{{ account.name }}"
|
||||||
|
name: "Backup postgres 2"
|
||||||
|
minute: "20"
|
||||||
|
hour: "4"
|
||||||
|
job: "{{ account.home }}/postgres-backup2.sh"
|
6
roles/db-backup/tasks/main.yml
Normal file
6
roles/db-backup/tasks/main.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
- import_tasks: account.yml
|
||||||
|
|
||||||
|
- import_tasks: copy-scripts.yml
|
||||||
|
|
||||||
|
- import_tasks: install.yml
|
5
roles/db-backup/vars/main.yml
Normal file
5
roles/db-backup/vars/main.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
account:
|
||||||
|
name: db-backup
|
||||||
|
comment: Database Backup account
|
||||||
|
home: /home/db-backup
|
Binary file not shown.
Before Width: | Height: | Size: 178 B |
@ -1,7 +0,0 @@
|
|||||||
[Desktop Entry]
|
|
||||||
Encoding=UTF-8
|
|
||||||
Name=Dwm
|
|
||||||
Comment=Dynamic window manager
|
|
||||||
Exec=dwm
|
|
||||||
Icon=dwm
|
|
||||||
Type=XSession
|
|
@ -1,41 +0,0 @@
|
|||||||
---
|
|
||||||
- name: install required packages
|
|
||||||
apt:
|
|
||||||
update_cache: yes
|
|
||||||
pkg:
|
|
||||||
- git
|
|
||||||
- make
|
|
||||||
- libx11-dev
|
|
||||||
- libxft-dev
|
|
||||||
- libxinerama-dev
|
|
||||||
- libxcb-res0-dev
|
|
||||||
- libx11-xcb-dev
|
|
||||||
|
|
||||||
- name: checkout
|
|
||||||
shell:
|
|
||||||
cmd: |
|
|
||||||
mkdir -p ~/src
|
|
||||||
cd ~/src
|
|
||||||
git clone {{ dwm-repo }}
|
|
||||||
|
|
||||||
- name: build dwm
|
|
||||||
make:
|
|
||||||
chdir: ~/src/dwm
|
|
||||||
|
|
||||||
- name: copy xsession
|
|
||||||
become: yes
|
|
||||||
copy:
|
|
||||||
src: usr/share/xsessions/dwm.desktop
|
|
||||||
dest: /usr/share/xsessions/dwm.desktop
|
|
||||||
|
|
||||||
- name: copy icon
|
|
||||||
become: yes
|
|
||||||
copy:
|
|
||||||
src: usr/share/icons/dwm.png
|
|
||||||
dest: /usr/share/icons/dwm.png
|
|
||||||
|
|
||||||
- name: install dwm
|
|
||||||
become: yes
|
|
||||||
make:
|
|
||||||
chdir: ~/src/dwm
|
|
||||||
target: install
|
|
@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
- import_tasks: setup.yml
|
|
||||||
|
|
||||||
- import_tasks: dwm.yml
|
|
@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
- block:
|
|
||||||
become: yes
|
|
||||||
- name: install git and make
|
|
||||||
apt:
|
|
||||||
update_cache: yes
|
|
||||||
pkg:
|
|
||||||
- git
|
|
||||||
- make
|
|
@ -1,3 +0,0 @@
|
|||||||
---
|
|
||||||
dwm-repo: https://github.com/pgrondek/dwm.git
|
|
||||||
st-repo: https://github.com/pgrondek/stterm.git
|
|
@ -1 +1,2 @@
|
|||||||
node-02 IPaddr::192.168.50.100/24/eth0:0
|
node-02 IPaddr::192.168.50.100/24/eth0:0
|
||||||
|
node-02 ssh-external::start
|
||||||
|
28
roles/docker-cluster/files/etc/ha.d/resource.d/ssh-external
Executable file
28
roles/docker-cluster/files/etc/ha.d/resource.d/ssh-external
Executable file
@ -0,0 +1,28 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
SERVICE=sshd-external
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
systemctl start "${SERVICE}"
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
systemctl stop "${SERVICE}"
|
||||||
|
;;
|
||||||
|
reload)
|
||||||
|
systemctl reload "${SERVICE}"
|
||||||
|
;;
|
||||||
|
force-reload)
|
||||||
|
systemctl force-reload "${SERVICE}"
|
||||||
|
;;
|
||||||
|
restart)
|
||||||
|
systemctl restart "${SERVICE}"
|
||||||
|
;;
|
||||||
|
status)
|
||||||
|
systemctl status "${SERVICE}"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|status}" || true
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
128
roles/docker-cluster/files/etc/ssh/sshd_config_external
Normal file
128
roles/docker-cluster/files/etc/ssh/sshd_config_external
Normal file
@ -0,0 +1,128 @@
|
|||||||
|
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
|
||||||
|
|
||||||
|
# This is the sshd server system-wide configuration file. See
|
||||||
|
# sshd_config(5) for more information.
|
||||||
|
|
||||||
|
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
||||||
|
|
||||||
|
# The strategy used for options in the default sshd_config shipped with
|
||||||
|
# OpenSSH is to specify options with their default value where
|
||||||
|
# possible, but leave them commented. Uncommented options override the
|
||||||
|
# default value.
|
||||||
|
|
||||||
|
Port 8022
|
||||||
|
#AddressFamily any
|
||||||
|
ListenAddress 192.168.50.100
|
||||||
|
#ListenAddress ::
|
||||||
|
|
||||||
|
HostKey /etc/ssh/ssh_external_host_rsa_key
|
||||||
|
HostKey /etc/ssh/ssh_external_host_ecdsa_key
|
||||||
|
HostKey /etc/ssh/ssh_external_host_ed25519_key
|
||||||
|
|
||||||
|
# Ciphers and keying
|
||||||
|
#RekeyLimit default none
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
#SyslogFacility AUTH
|
||||||
|
#LogLevel INFO
|
||||||
|
|
||||||
|
# Authentication:
|
||||||
|
|
||||||
|
#LoginGraceTime 2m
|
||||||
|
#PermitRootLogin prohibit-password
|
||||||
|
#StrictModes yes
|
||||||
|
#MaxAuthTries 6
|
||||||
|
#MaxSessions 10
|
||||||
|
|
||||||
|
#PubkeyAuthentication yes
|
||||||
|
|
||||||
|
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
|
||||||
|
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
|
||||||
|
|
||||||
|
#AuthorizedPrincipalsFile none
|
||||||
|
|
||||||
|
#AuthorizedKeysCommand none
|
||||||
|
#AuthorizedKeysCommandUser nobody
|
||||||
|
|
||||||
|
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||||
|
#HostbasedAuthentication no
|
||||||
|
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
||||||
|
# HostbasedAuthentication
|
||||||
|
#IgnoreUserKnownHosts no
|
||||||
|
# Don't read the user's ~/.rhosts and ~/.shosts files
|
||||||
|
#IgnoreRhosts yes
|
||||||
|
|
||||||
|
# To disable tunneled clear text passwords, change to no here!
|
||||||
|
PasswordAuthentication no
|
||||||
|
#PermitEmptyPasswords no
|
||||||
|
|
||||||
|
# Change to yes to enable challenge-response passwords (beware issues with
|
||||||
|
# some PAM modules and threads)
|
||||||
|
ChallengeResponseAuthentication no
|
||||||
|
|
||||||
|
# Kerberos options
|
||||||
|
#KerberosAuthentication no
|
||||||
|
#KerberosOrLocalPasswd yes
|
||||||
|
#KerberosTicketCleanup yes
|
||||||
|
#KerberosGetAFSToken no
|
||||||
|
|
||||||
|
# GSSAPI options
|
||||||
|
#GSSAPIAuthentication no
|
||||||
|
#GSSAPICleanupCredentials yes
|
||||||
|
#GSSAPIStrictAcceptorCheck yes
|
||||||
|
#GSSAPIKeyExchange no
|
||||||
|
|
||||||
|
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||||
|
# and session processing. If this is enabled, PAM authentication will
|
||||||
|
# be allowed through the ChallengeResponseAuthentication and
|
||||||
|
# PasswordAuthentication. Depending on your PAM configuration,
|
||||||
|
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||||
|
# the setting of "PermitRootLogin without-password".
|
||||||
|
# If you just want the PAM account and session checks to run without
|
||||||
|
# PAM authentication, then enable this but set PasswordAuthentication
|
||||||
|
# and ChallengeResponseAuthentication to 'no'.
|
||||||
|
UsePAM yes
|
||||||
|
|
||||||
|
#AllowAgentForwarding yes
|
||||||
|
#AllowTcpForwarding yes
|
||||||
|
#GatewayPorts no
|
||||||
|
X11Forwarding yes
|
||||||
|
#X11DisplayOffset 10
|
||||||
|
#X11UseLocalhost yes
|
||||||
|
#PermitTTY yes
|
||||||
|
PrintMotd no
|
||||||
|
#PrintLastLog yes
|
||||||
|
#TCPKeepAlive yes
|
||||||
|
#UseLogin no
|
||||||
|
#UsePrivilegeSeparation sandbox
|
||||||
|
#PermitUserEnvironment no
|
||||||
|
#Compression delayed
|
||||||
|
#ClientAliveInterval 0
|
||||||
|
#ClientAliveCountMax 3
|
||||||
|
#UseDNS no
|
||||||
|
PidFile /var/run/sshd-external.pid
|
||||||
|
#MaxStartups 10:30:100
|
||||||
|
#PermitTunnel no
|
||||||
|
#ChrootDirectory none
|
||||||
|
#VersionAddendum none
|
||||||
|
|
||||||
|
# no default banner path
|
||||||
|
#Banner none
|
||||||
|
|
||||||
|
# Allow client to pass locale environment variables
|
||||||
|
AcceptEnv LANG LC_*
|
||||||
|
|
||||||
|
# override default of no subsystems
|
||||||
|
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||||
|
|
||||||
|
# Example of overriding settings on a per-user basis
|
||||||
|
#Match User anoncvs
|
||||||
|
# X11Forwarding no
|
||||||
|
# AllowTcpForwarding no
|
||||||
|
# PermitTTY no
|
||||||
|
# ForceCommand cvs server
|
||||||
|
|
||||||
|
|
||||||
|
HostCertificate /etc/ssh/ssh_external_host_dsa_key-cert.pub
|
||||||
|
HostCertificate /etc/ssh/ssh_external_host_ecdsa_key-cert.pub
|
||||||
|
HostCertificate /etc/ssh/ssh_external_host_rsa_key-cert.pub
|
@ -0,0 +1,19 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=OpenBSD Secure Shell server
|
||||||
|
After=network.target auditd.service
|
||||||
|
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
EnvironmentFile=-/etc/default/ssh
|
||||||
|
ExecStartPre=/usr/sbin/sshd -t
|
||||||
|
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sshd_config_external
|
||||||
|
ExecReload=/usr/sbin/sshd -t
|
||||||
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
|
KillMode=process
|
||||||
|
Restart=on-failure
|
||||||
|
RestartPreventExitStatus=255
|
||||||
|
Type=notify
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
Alias=sshd-external.service
|
7
roles/docker-cluster/tasks/dependencies.yml
Normal file
7
roles/docker-cluster/tasks/dependencies.yml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
- name: install modules for docker networks
|
||||||
|
when: ansible_distribution == "Ubuntu" and ansible_distribution_version == "22.04"
|
||||||
|
become: yes
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
pkg:
|
||||||
|
- linux-modules-extra-raspi
|
17
roles/docker-cluster/tasks/docker-cron.yml
Normal file
17
roles/docker-cluster/tasks/docker-cron.yml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
- name: Clean docker system
|
||||||
|
become: yes
|
||||||
|
ansible.builtin.cron:
|
||||||
|
user: root
|
||||||
|
name: "clean docker system"
|
||||||
|
minute: "0"
|
||||||
|
hour: "3"
|
||||||
|
job: "/usr/bin/docker system prune -f"
|
||||||
|
|
||||||
|
- name: Clean docker image cache
|
||||||
|
become: yes
|
||||||
|
ansible.builtin.cron:
|
||||||
|
user: root
|
||||||
|
name: "clean docker system"
|
||||||
|
minute: "0"
|
||||||
|
hour: "3"
|
||||||
|
job: "/usr/bin/docker image prune -a -f"
|
14
roles/docker-cluster/tasks/docker-watcher.yml
Normal file
14
roles/docker-cluster/tasks/docker-watcher.yml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
- name: Create hostfile
|
||||||
|
become: yes
|
||||||
|
template:
|
||||||
|
src: usr/local/sbin/check-docker.j2
|
||||||
|
dest: /usr/local/sbin/check-docker
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: create cron
|
||||||
|
become: yes
|
||||||
|
cron:
|
||||||
|
name: "check docker"
|
||||||
|
minute: "*/15"
|
||||||
|
job: "/usr/local/sbin/check-docker"
|
16
roles/docker-cluster/tasks/gluster.yml
Normal file
16
roles/docker-cluster/tasks/gluster.yml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
- become: yes
|
||||||
|
block:
|
||||||
|
- name: install glusterfs-client
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
pkg:
|
||||||
|
- glusterfs-client
|
||||||
|
|
||||||
|
- name: add mount for glusterfs data
|
||||||
|
mount:
|
||||||
|
path: /srv
|
||||||
|
src: 192.168.50.100:/gv0
|
||||||
|
fstype: glusterfs
|
||||||
|
state: present
|
||||||
|
opts: defaults, p_netdev
|
@ -35,3 +35,15 @@
|
|||||||
name: "{{ansible_user_id}}"
|
name: "{{ansible_user_id}}"
|
||||||
groups: docker
|
groups: docker
|
||||||
append: yes
|
append: yes
|
||||||
|
|
||||||
|
- name: start and enable docker
|
||||||
|
systemd:
|
||||||
|
name: docker
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: add current user to docker group
|
||||||
|
user:
|
||||||
|
name: "{{ ansible_user_id }}"
|
||||||
|
append: yes
|
||||||
|
groups: docker
|
||||||
|
@ -1,7 +1,20 @@
|
|||||||
---
|
---
|
||||||
- name: install needed packages
|
- become: yes
|
||||||
become: yes
|
block:
|
||||||
|
- name: install needed packages
|
||||||
apt:
|
apt:
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
pkg:
|
pkg:
|
||||||
- docker.io
|
- docker.io
|
||||||
|
|
||||||
|
- name: start and enable docker
|
||||||
|
systemd:
|
||||||
|
name: docker
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: add current user to docker group
|
||||||
|
user:
|
||||||
|
name: "{{ ansible_user_id }}"
|
||||||
|
append: yes
|
||||||
|
groups: docker
|
||||||
|
@ -5,9 +5,18 @@
|
|||||||
- import_tasks: install-docker-io.yml
|
- import_tasks: install-docker-io.yml
|
||||||
when: ansible_distribution == "Ubuntu" and ansible_distribution_version != "18.04"
|
when: ansible_distribution == "Ubuntu" and ansible_distribution_version != "18.04"
|
||||||
|
|
||||||
|
- import_tasks: dependencies.yml
|
||||||
|
|
||||||
- import_tasks: nfs-client.yml
|
- import_tasks: nfs-client.yml
|
||||||
|
|
||||||
|
- import_tasks: gluster.yml
|
||||||
|
|
||||||
- import_tasks: hearthbeat.yml
|
- import_tasks: hearthbeat.yml
|
||||||
|
|
||||||
- import_tasks: hostfile.yml
|
- import_tasks: hostfile.yml
|
||||||
|
|
||||||
|
- import_tasks: docker-watcher.yml
|
||||||
|
|
||||||
|
- import_tasks: ssh-external.yml
|
||||||
|
|
||||||
|
- import_tasks: docker-cron.yml
|
||||||
|
24
roles/docker-cluster/tasks/ssh-external.yml
Normal file
24
roles/docker-cluster/tasks/ssh-external.yml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
- become: yes
|
||||||
|
block:
|
||||||
|
- name: copy config
|
||||||
|
copy:
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0600
|
||||||
|
directory_mode: yes
|
||||||
|
src: etc/ssh
|
||||||
|
dest: /etc
|
||||||
|
|
||||||
|
- name: copy ha.d resource ssh-external
|
||||||
|
copy:
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0755
|
||||||
|
src: etc/ha.d/resource.d/ssh-external
|
||||||
|
dest: /etc/ha.d/resource.d/ssh-external
|
||||||
|
|
||||||
|
- name: add systemd service
|
||||||
|
copy:
|
||||||
|
src: lib/systemd/system/sshd-external.service
|
||||||
|
dest: /lib/systemd/system/sshd-external.service
|
@ -0,0 +1,16 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
docker node ls
|
||||||
|
if [ $? == 1 ]; then
|
||||||
|
echo "This is not a docker swarm node exiting"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
docker node inspect {{ ansible_hostname }} --format "{{ '{{' }} .Status.State {{ '}}' }}" | grep -q 'ready'
|
||||||
|
|
||||||
|
if [ $? == 1 ]; then
|
||||||
|
echo "Docker is down restarting"
|
||||||
|
service docker restart
|
||||||
|
else
|
||||||
|
echo "Docker is ok"
|
||||||
|
fi
|
17
roles/docker/tasks/docker-cron.yml
Normal file
17
roles/docker/tasks/docker-cron.yml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
- name: Clean docker system
|
||||||
|
become: yes
|
||||||
|
ansible.builtin.cron:
|
||||||
|
user: root
|
||||||
|
name: "clean docker system"
|
||||||
|
minute: "0"
|
||||||
|
hour: "3"
|
||||||
|
job: "/usr/bin/docker system prune -f"
|
||||||
|
|
||||||
|
- name: Clean docker image cache
|
||||||
|
become: yes
|
||||||
|
ansible.builtin.cron:
|
||||||
|
user: root
|
||||||
|
name: "clean docker system"
|
||||||
|
minute: "0"
|
||||||
|
hour: "3"
|
||||||
|
job: "/usr/bin/docker image prune -a -f"
|
49
roles/docker/tasks/install-docker-ce.yml
Normal file
49
roles/docker/tasks/install-docker-ce.yml
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
---
|
||||||
|
- become: yes
|
||||||
|
block:
|
||||||
|
- name: install needed packages
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
pkg:
|
||||||
|
- apt-transport-https
|
||||||
|
- ca-certificates
|
||||||
|
- curl
|
||||||
|
- gnupg-agent
|
||||||
|
- software-properties-common
|
||||||
|
|
||||||
|
- name: add docker gpg key
|
||||||
|
apt_key:
|
||||||
|
url: https://download.docker.com/linux/ubuntu/gpg
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: add docker repo
|
||||||
|
apt_repository:
|
||||||
|
repo: deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
|
||||||
|
state: present
|
||||||
|
filename: docker
|
||||||
|
|
||||||
|
- name: install docker
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
pkg:
|
||||||
|
- docker-ce
|
||||||
|
- docker-ce-cli
|
||||||
|
- containerd.io
|
||||||
|
|
||||||
|
- name: add current user to docker group
|
||||||
|
user:
|
||||||
|
name: "{{ansible_user_id}}"
|
||||||
|
groups: docker
|
||||||
|
append: yes
|
||||||
|
|
||||||
|
- name: start and enable docker
|
||||||
|
systemd:
|
||||||
|
name: docker
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: add current user to docker group
|
||||||
|
user:
|
||||||
|
name: "{{ ansible_user_id }}"
|
||||||
|
append: yes
|
||||||
|
groups: docker
|
20
roles/docker/tasks/install-docker-io.yml
Normal file
20
roles/docker/tasks/install-docker-io.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
- become: yes
|
||||||
|
block:
|
||||||
|
- name: install needed packages
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
pkg:
|
||||||
|
- docker.io
|
||||||
|
|
||||||
|
- name: start and enable docker
|
||||||
|
systemd:
|
||||||
|
name: docker
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: add current user to docker group
|
||||||
|
user:
|
||||||
|
name: "{{ ansible_user_id }}"
|
||||||
|
append: yes
|
||||||
|
groups: docker
|
8
roles/docker/tasks/main.yml
Normal file
8
roles/docker/tasks/main.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
- import_tasks: install-docker-ce.yml
|
||||||
|
when: ansible_distribution == "Ubuntu" and ansible_distribution_version == "18.04"
|
||||||
|
|
||||||
|
- import_tasks: install-docker-io.yml
|
||||||
|
when: ansible_distribution == "Ubuntu" and ansible_distribution_version != "18.04"
|
||||||
|
|
||||||
|
- import_tasks: docker-cron.yml
|
24
roles/duplicity/files/backup.sh
Normal file
24
roles/duplicity/files/backup.sh
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
source /home/duplicity/email-settings.sh
|
||||||
|
|
||||||
|
MAX_TIME="3M"
|
||||||
|
FULL_BACKUP_EVERY="1M"
|
||||||
|
SOURCE="/mnt/MAIN"
|
||||||
|
DESTINATION="onedrive://duplicity/nas"
|
||||||
|
|
||||||
|
LOG="/home/duplicity/backup.log"
|
||||||
|
|
||||||
|
rm $LOG
|
||||||
|
PASSPHRASE="$PASSPHRASE" duplicity remove-older-than $MAX_TIME $DESTINATION >> $LOG
|
||||||
|
PASSPHRASE="$PASSPHRASE" duplicity --full-if-older-than $FULL_BACKUP_EVERY $SOURCE $DESTINATION >> $LOG
|
||||||
|
|
||||||
|
sendemail \
|
||||||
|
-f "$EMAIL_SENDER" \
|
||||||
|
-t "$EMAIL_RECEIPIENT" \
|
||||||
|
-u "Duplicity backup log" \
|
||||||
|
-message-file=$LOG \
|
||||||
|
-s "$EMAIL_SERVER" \
|
||||||
|
-xu "$EMAIL_USER" \
|
||||||
|
-xp "$EMAIL_PASSWORD" \
|
||||||
|
-o "tls=$EMAIL_TLS"
|
9
roles/duplicity/tasks/account.yml
Normal file
9
roles/duplicity/tasks/account.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
- name: create duplicity account
|
||||||
|
become: yes
|
||||||
|
user:
|
||||||
|
name: duplicity
|
||||||
|
comment: Duplicity account
|
||||||
|
system: yes
|
||||||
|
password_lock: yes
|
||||||
|
home: /home/duplicity
|
18
roles/duplicity/tasks/cron.yml
Normal file
18
roles/duplicity/tasks/cron.yml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
- name: copy configuration
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: backup.sh
|
||||||
|
dest: /home/duplicity/backup.sh
|
||||||
|
mode: '0750'
|
||||||
|
owner: duplicity
|
||||||
|
group: duplicity
|
||||||
|
|
||||||
|
- name: Create cron job for autobackup
|
||||||
|
become: yes
|
||||||
|
ansible.builtin.cron:
|
||||||
|
user: duplicity
|
||||||
|
name: "Backup"
|
||||||
|
minute: "0"
|
||||||
|
hour: "3"
|
||||||
|
job: "/home/duplicity/backup.sh"
|
12
roles/duplicity/tasks/install.yml
Normal file
12
roles/duplicity/tasks/install.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
- become: yes
|
||||||
|
block:
|
||||||
|
- name: install needed packages
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
pkg:
|
||||||
|
- duplicity
|
||||||
|
- python3-requests-oauthlib
|
||||||
|
- sendemail
|
||||||
|
- libio-socket-ssl-perl
|
||||||
|
- libnet-ssleay-perl
|
6
roles/duplicity/tasks/main.yml
Normal file
6
roles/duplicity/tasks/main.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
- import_tasks: account.yml
|
||||||
|
|
||||||
|
- import_tasks: install.yml
|
||||||
|
|
||||||
|
- import_tasks: cron.yml
|
1
roles/i2c-clock/files/etc/modules-load.d/rtc-ds1307.conf
Normal file
1
roles/i2c-clock/files/etc/modules-load.d/rtc-ds1307.conf
Normal file
@ -0,0 +1 @@
|
|||||||
|
rtc-ds1307
|
22
roles/i2c-clock/files/etc/systemd/system/rtc-i2c.service
Normal file
22
roles/i2c-clock/files/etc/systemd/system/rtc-i2c.service
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
[Unit]
|
||||||
|
ConditionCapability=CAP_SYS_TIME
|
||||||
|
ConditionVirtualization=!container
|
||||||
|
DefaultDependencies=no
|
||||||
|
Wants=dev-rtc_i2c.device
|
||||||
|
After=dev-rtc_i2c.device
|
||||||
|
Before=sysinit.target
|
||||||
|
Conflicts=shutdown.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
CapabilityBoundingSet=CAP_SYS_TIME
|
||||||
|
PrivateTmp=yes
|
||||||
|
ProtectSystem=full
|
||||||
|
ProtectHome=yes
|
||||||
|
DeviceAllow=/dev/rtc rw
|
||||||
|
DevicePolicy=closed
|
||||||
|
ExecStart=/bin/sh -c "/usr/bin/echo ds1307 0x68 > /sys/class/i2c-adapter/i2c-1/new_device"
|
||||||
|
ExecStartPost=/usr/bin/logger --tag rtc-i2c 'System clock set from i2c hardware clock'
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sysinit.target
|
6
roles/i2c-clock/files/etc/udev/rules.d/55-rtc-i2c.rules
Normal file
6
roles/i2c-clock/files/etc/udev/rules.d/55-rtc-i2c.rules
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
#/lib/udev/rules.d/50-udev-default.rules:SUBSYSTEM=="rtc", ATTR{hctosys}=="1", SYMLINK+="rtc"
|
||||||
|
#/lib/udev/rules.d/50-udev-default.rules:SUBSYSTEM=="rtc", KERNEL=="rtc0", SYMLINK+="rtc", OPTIONS+="link_priority=-100"
|
||||||
|
|
||||||
|
# I2C RTC, when added and not the source of the sys clock (kernel), is used ;
|
||||||
|
# separate name to ensure rtc-i2c.service will not be run on anything else
|
||||||
|
ACTION=="add", SUBSYSTEMS=="i2c", SUBSYSTEM=="rtc", KERNEL=="rtc0", ATTR{hctosys}=="0", SYMLINK+="rtc_i2c", TAG+="systemd"
|
36
roles/i2c-clock/tasks/install.yml
Normal file
36
roles/i2c-clock/tasks/install.yml
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
---
|
||||||
|
- become: yes
|
||||||
|
block:
|
||||||
|
- name: install i2c-tools
|
||||||
|
become: yes
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
pkg:
|
||||||
|
- i2c-tools
|
||||||
|
- libraspberrypi-bin
|
||||||
|
|
||||||
|
- name: enable i2c-rtc dtoverlay
|
||||||
|
shell:
|
||||||
|
cmd: |
|
||||||
|
dtoverlay i2c-rtc
|
||||||
|
|
||||||
|
- name: enable automatic module load
|
||||||
|
copy:
|
||||||
|
src: etc/modules-load.d/rtc-ds1307.conf
|
||||||
|
dest: /etc/modules-load.d/rtc-ds1307.conf
|
||||||
|
|
||||||
|
- name: add systemd service
|
||||||
|
copy:
|
||||||
|
src: etc/systemd/system/rtc-i2c.service
|
||||||
|
dest: /etc/systemd/system/rtc-i2c.service
|
||||||
|
|
||||||
|
- name: disable systemd service
|
||||||
|
systemd:
|
||||||
|
daemon_reload: yes
|
||||||
|
name: rtc-i2c.service
|
||||||
|
enabled: no
|
||||||
|
|
||||||
|
- name: enable systemd service
|
||||||
|
systemd:
|
||||||
|
name: rtc-i2c.service
|
||||||
|
enabled: yes
|
6
roles/i2c-clock/tasks/main.yml
Normal file
6
roles/i2c-clock/tasks/main.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
- import_tasks: install.yml
|
||||||
|
|
||||||
|
- import_tasks: set-time.yml
|
||||||
|
|
||||||
|
- import_tasks: remove-fake-clock.yml
|
8
roles/i2c-clock/tasks/remove-fake-clock.yml
Normal file
8
roles/i2c-clock/tasks/remove-fake-clock.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
- name: uninstall fakehw
|
||||||
|
become: yes
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
state: absent
|
||||||
|
pkg:
|
||||||
|
- fake-hwclock
|
22
roles/i2c-clock/tasks/set-time.yml
Normal file
22
roles/i2c-clock/tasks/set-time.yml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
---
|
||||||
|
- name: Check if rtc is loaded
|
||||||
|
stat:
|
||||||
|
path: /dev/rtc
|
||||||
|
register: rtc_file
|
||||||
|
|
||||||
|
- become: yes
|
||||||
|
when: rtc_file.stat.exists == False
|
||||||
|
block:
|
||||||
|
- name: load hwclock
|
||||||
|
shell:
|
||||||
|
cmd: |
|
||||||
|
modprobe rtc-ds1307
|
||||||
|
echo ds1307 0x68 > /sys/class/i2c-adapter/i2c-1/new_device
|
||||||
|
- name: update time
|
||||||
|
shell:
|
||||||
|
cmd: |
|
||||||
|
hwclock -w
|
||||||
|
- name: read time
|
||||||
|
shell:
|
||||||
|
cmd: |
|
||||||
|
hwclock -r
|
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=node_exporter
|
||||||
|
Wants=network-online.target
|
||||||
|
After=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=prometheus
|
||||||
|
Group=prometheus
|
||||||
|
Type=simple
|
||||||
|
ExecStart=/usr/local/sbin/node_exporter
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
10
roles/node_explorer/tasks/account.yml
Normal file
10
roles/node_explorer/tasks/account.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
- name: create prometheus account
|
||||||
|
become: yes
|
||||||
|
user:
|
||||||
|
name: prometheus
|
||||||
|
comment: Prometheus account
|
||||||
|
system: yes
|
||||||
|
password_lock: yes
|
||||||
|
home: /nonexistent
|
||||||
|
create_home: no
|
49
roles/node_explorer/tasks/install.yml
Normal file
49
roles/node_explorer/tasks/install.yml
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
---
|
||||||
|
- name: Create temp dir
|
||||||
|
file:
|
||||||
|
path: /tmp/node_exporter
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Download node-explorer
|
||||||
|
when: ansible_architecture == "aarch64"
|
||||||
|
unarchive:
|
||||||
|
src: https://github.com/prometheus/node_exporter/releases/download/v{{version}}/node_exporter-{{version}}.linux-arm64.tar.gz
|
||||||
|
dest: /tmp/node_exporter
|
||||||
|
remote_src: yes
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Download node-explorer
|
||||||
|
when: ansible_architecture == "x86_64"
|
||||||
|
unarchive:
|
||||||
|
src: https://github.com/prometheus/node_exporter/releases/download/v{{version}}/node_exporter-{{version}}.linux-amd64.tar.gz
|
||||||
|
dest: /tmp/node_exporter
|
||||||
|
remote_src: yes
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Download node-explorer
|
||||||
|
when: ansible_architecture == "armv7l"
|
||||||
|
unarchive:
|
||||||
|
src: https://github.com/prometheus/node_exporter/releases/download/v{{version}}/node_exporter-{{version}}.linux-armv7.tar.gz
|
||||||
|
dest: /tmp/node_exporter
|
||||||
|
remote_src: yes
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: get folder name
|
||||||
|
shell: ls /tmp/node_exporter
|
||||||
|
register: dir_name
|
||||||
|
|
||||||
|
- name: Move to /usr/local/sbin
|
||||||
|
become: yes
|
||||||
|
command: cp -ra /tmp/node_exporter/{{ dir_name.stdout }}/node_exporter /usr/local/sbin/node_exporter
|
||||||
|
|
||||||
|
- name: Remove temp directory
|
||||||
|
become: yes
|
||||||
|
file:
|
||||||
|
path: /tmp/node_exporter
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: change chmod
|
||||||
|
become: yes
|
||||||
|
file:
|
||||||
|
path: /usr/local/sbin/node_exporter
|
||||||
|
mode: '0755'
|
6
roles/node_explorer/tasks/main.yml
Normal file
6
roles/node_explorer/tasks/main.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
- import_tasks: account.yml
|
||||||
|
|
||||||
|
- import_tasks: install.yml
|
||||||
|
|
||||||
|
- import_tasks: service.yml
|
13
roles/node_explorer/tasks/service.yml
Normal file
13
roles/node_explorer/tasks/service.yml
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
- become: yes
|
||||||
|
block:
|
||||||
|
- name: copy systemd service config
|
||||||
|
copy:
|
||||||
|
src: lib/systemd/system/node_explorer.service
|
||||||
|
dest: /lib/systemd/system/node_explorer.service
|
||||||
|
|
||||||
|
- name: enable systemd service
|
||||||
|
systemd:
|
||||||
|
name: node_explorer
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
2
roles/node_explorer/vars/main.yml
Normal file
2
roles/node_explorer/vars/main.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
---
|
||||||
|
version: 1.2.2
|
@ -6,7 +6,7 @@ After=network.target
|
|||||||
User=octoprint
|
User=octoprint
|
||||||
Group=octoprint
|
Group=octoprint
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStart=/home/octoprint/.local/bin/octoprint
|
ExecStart=/home/octoprint/bin/octoprint
|
||||||
Type=simple
|
Type=simple
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
user:
|
user:
|
||||||
name: octoprint
|
name: octoprint
|
||||||
comment: Octoprint account
|
comment: Octoprint account
|
||||||
groups: tty,dialout
|
groups: tty,dialout,video
|
||||||
system: yes
|
system: yes
|
||||||
password_lock: yes
|
password_lock: yes
|
||||||
home: /home/octoprint
|
home: /home/octoprint
|
||||||
|
@ -5,57 +5,57 @@
|
|||||||
apt:
|
apt:
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
pkg:
|
pkg:
|
||||||
- python-pip
|
- python3-pip
|
||||||
- python-dev
|
- python3-all-dev
|
||||||
- python-setuptools
|
- python3-setuptools
|
||||||
- python-virtualenv
|
- python3-virtualenv
|
||||||
- python-pillow
|
|
||||||
- git
|
- git
|
||||||
- libyaml-dev
|
- libyaml-dev
|
||||||
- build-essential
|
- build-essential
|
||||||
|
- acl
|
||||||
|
- libjpeg8-dev
|
||||||
|
- libffi-dev
|
||||||
|
|
||||||
- name: install octoprint software
|
- name: install octoprint software
|
||||||
|
become: true
|
||||||
become_user: octoprint
|
become_user: octoprint
|
||||||
shell:
|
shell:
|
||||||
chdir: /home/octoprint
|
chdir: /home/octoprint
|
||||||
cmd: |
|
cmd: |
|
||||||
virtualenv --system-site-packages .
|
virtualenv --system-site-packages .
|
||||||
source bin/activate
|
source bin/activate
|
||||||
pip install pip --upgrade
|
pip3 install pip --upgrade
|
||||||
pip install octoprint
|
pip3 install octoprint
|
||||||
args:
|
args:
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
|
|
||||||
- name: enable system wide packages
|
|
||||||
file:
|
|
||||||
path: /home/octoprint/lib/python2.7/no-global-site-packages.txt
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Create symbolic link for PIL package
|
|
||||||
file:
|
|
||||||
src: /usr/lib/python2.7/dist-packages/PIL
|
|
||||||
dest: /home/octoprint/lib/python2.7/site-packages/PIL
|
|
||||||
state: link
|
|
||||||
|
|
||||||
- name: Create symbolic link for pillow package
|
|
||||||
file:
|
|
||||||
src: /usr/lib/python2.7/dist-packages/Pillow-5.1.0.egg-info
|
|
||||||
dest: /home/octoprint/lib/python2.7/site-packages/Pillow-5.1.0.egg-info
|
|
||||||
state: link
|
|
||||||
|
|
||||||
- name: install plugins
|
- name: install plugins
|
||||||
become_user: octoprint
|
become_user: octoprint
|
||||||
pip:
|
pip:
|
||||||
virtualenv: /home/octoprint
|
virtualenv: /home/octoprint
|
||||||
name:
|
name:
|
||||||
|
# Bed Visualizer
|
||||||
- https://github.com/jneilliii/OctoPrint-BedLevelVisualizer/archive/master.zip
|
- https://github.com/jneilliii/OctoPrint-BedLevelVisualizer/archive/master.zip
|
||||||
- https://github.com/jneilliii/OctoPrint-PrusaSlicerThumbnails/archive/master.zip
|
# Cancel Objects
|
||||||
- https://github.com/juniorRubyist/OctoPrint-OctoFlat/archive/master.zip
|
|
||||||
- https://github.com/kanocz/octopi_eta_override/archive/master.zip
|
|
||||||
- https://github.com/malnvenshorn/OctoPrint-FilamentManager/archive/master.zip
|
|
||||||
- https://github.com/OllisGit/OctoPrint-DeleteAfterPrint/releases/latest/download/master.zip
|
|
||||||
# - https://github.com/OllisGit/OctoPrint-PrintJobHistory/releases/latest/download/master.zip
|
|
||||||
- https://github.com/paukstelis/OctoPrint-Cancelobject/archive/master.zip
|
- https://github.com/paukstelis/OctoPrint-Cancelobject/archive/master.zip
|
||||||
- https://github.com/Renaud11232/OctoPrint-Resource-Monitor/archive/master.zip
|
# Continuous Print
|
||||||
- https://github.com/agrif/OctoPrint-InfluxDB/archive/master.zip
|
- https://github.com/smartin015/continuousprint/archive/refs/heads/master.zip
|
||||||
|
# DeleteAfterPrint Plugin
|
||||||
|
- https://github.com/OllisGit/OctoPrint-DeleteAfterPrint/releases/latest/download/master.zip
|
||||||
|
# Firmware Updater
|
||||||
|
- https://github.com/OctoPrint/OctoPrint-FirmwareUpdater/archive/refs/heads/master.zip
|
||||||
|
# HomeAssistant Discovery
|
||||||
|
- https://github.com/cmroche/OctoPrint-HomeAssistant/archive/master.zip
|
||||||
|
# MQTT
|
||||||
|
- https://github.com/OctoPrint/OctoPrint-MQTT/archive/master.zip
|
||||||
|
# OctoFlat Theme
|
||||||
|
- https://github.com/juniorRubyist/OctoPrint-OctoFlat/archive/master.zip
|
||||||
|
# Octolapse
|
||||||
|
- https://github.com/FormerLurker/Octolapse/archive/master.zip
|
||||||
|
# Prusa ETA override Plugin
|
||||||
|
- https://github.com/kanocz/octopi_eta_override/archive/master.zip
|
||||||
|
# Prusa MMU
|
||||||
|
- https://github.com/jukebox42/Octoprint-PrusaMMU/releases/latest/download/Octoprint-PrusaMmu.zip
|
||||||
|
# Slicer Thumbnails
|
||||||
|
- https://github.com/jneilliii/OctoPrint-PrusaSlicerThumbnails/archive/master.zip
|
||||||
|
|
||||||
|
21
roles/router-telegraf/files/telegraf.conf
Normal file
21
roles/router-telegraf/files/telegraf.conf
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
[agent]
|
||||||
|
hostname = "router"
|
||||||
|
interval = "5s"
|
||||||
|
debug = false
|
||||||
|
quiet = false
|
||||||
|
logtarget = "stderr"
|
||||||
|
[[outputs.prometheus_client]]
|
||||||
|
listen = ":9273"
|
||||||
|
[[inputs.cpu]]
|
||||||
|
percpu = false
|
||||||
|
report_active = true
|
||||||
|
[[inputs.system]]
|
||||||
|
[[inputs.mem]]
|
||||||
|
[[inputs.net]]
|
||||||
|
[[inputs.exec]]
|
||||||
|
command = "sh /usr/lib/telegraf/edgeos.sh --interfaces"
|
||||||
|
data_format = "influx"
|
||||||
|
[[inputs.exec]]
|
||||||
|
command = "sh /usr/lib/telegraf/edgeos.sh --firmware"
|
||||||
|
data_format = "influx"
|
||||||
|
interval = "24h"
|
31
roles/router-telegraf/tasks/install_telegraf.yml
Normal file
31
roles/router-telegraf/tasks/install_telegraf.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
- name: Download telegraf
|
||||||
|
get_url:
|
||||||
|
url: https://github.com/x70b1/telegraf-edgeos/releases/download/v{{ telegraf.release }}/telegraf_{{ telegraf.release }}+{{ telegraf.flavour }}_{{ telegraf.arch }}.deb
|
||||||
|
dest: /tmp/telegraf.deb
|
||||||
|
|
||||||
|
- name: Install telegraf
|
||||||
|
shell:
|
||||||
|
cmd: dpkg -i /tmp/telegraf.deb
|
||||||
|
|
||||||
|
- name: create directory for configuration
|
||||||
|
file:
|
||||||
|
path: "/etc/telegraf"
|
||||||
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: copy configuration
|
||||||
|
copy:
|
||||||
|
src: "telegraf.conf"
|
||||||
|
dest: "/etc/telegraf/telegraf.conf"
|
||||||
|
|
||||||
|
- name: start and enable telegraf
|
||||||
|
systemd:
|
||||||
|
name: docker
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: Remove telegraf.deb file
|
||||||
|
file:
|
||||||
|
path: /tmp/telegraf.deb
|
||||||
|
state: absent
|
3
roles/router-telegraf/tasks/main.yml
Normal file
3
roles/router-telegraf/tasks/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- import_tasks: install_telegraf.yml
|
||||||
|
become: yes
|
5
roles/router-telegraf/vars/main.yml
Normal file
5
roles/router-telegraf/vars/main.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
telegraf:
|
||||||
|
release: 1.26.2-1
|
||||||
|
flavour: prometheus
|
||||||
|
arch: mipsel
|
@ -1,4 +1,4 @@
|
|||||||
#!/usr/bin/env vbash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
WAN=eth0
|
WAN=eth0
|
||||||
HOSTS=(
|
HOSTS=(
|
||||||
@ -9,30 +9,38 @@ HOSTS=(
|
|||||||
OUTLET_IP=192.168.60.14
|
OUTLET_IP=192.168.60.14
|
||||||
|
|
||||||
PING_TIMEOUT=5
|
PING_TIMEOUT=5
|
||||||
SOFT_WAIT_TIME=30
|
SOFT_WAIT_TIME=60
|
||||||
DHCP_WAIT_TIME=30
|
DHCP_WAIT_TIME=60
|
||||||
MODEM_RESET_WAIT_TIME=60
|
MODEM_RESET_WAIT_TIME=60
|
||||||
|
|
||||||
PING="/bin/ping -c 1 -W ${PING_TIMEOUT} -w ${PING_TIMEOUT}"
|
PING="/bin/ping -c 1 -W ${PING_TIMEOUT} -w ${PING_TIMEOUT}"
|
||||||
RESET_MODEM_SCRIPT="/config/scripts/tplink_smartplug.py"
|
RESET_MODEM_SCRIPT="/config/scripts/tplink_smartplug.py"
|
||||||
|
|
||||||
DEBUG=true
|
DEBUG=true
|
||||||
|
DEBUG_FILE=/var/log/cron-monitor.log
|
||||||
DISABLE_SOFT_RESTART=false
|
DISABLE_SOFT_RESTART=false
|
||||||
|
|
||||||
|
if [ 'vyattacfg' != "$(id -ng)" ]; then
|
||||||
|
exec sg vyattacfg -c "$0 $@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
cw=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
|
||||||
|
|
||||||
function debug() {
|
function debug() {
|
||||||
if [[ ${DEBUG} ]]; then
|
if [[ ${DEBUG} ]]; then
|
||||||
echo $@
|
echo $@ > ${DEBUG_FILE}
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function interfaceDown() {
|
function interfaceDown() {
|
||||||
interface=$1
|
interface=$1
|
||||||
ip link set dev ${interface} down
|
$cw ip link set dev ${interface} down
|
||||||
}
|
}
|
||||||
|
|
||||||
function interfaceUp() {
|
function interfaceUp() {
|
||||||
interface=$1
|
interface=$1
|
||||||
ip link set dev ${interface} down
|
$cw ip link set dev ${interface} up
|
||||||
}
|
}
|
||||||
|
|
||||||
function soft_restart() {
|
function soft_restart() {
|
||||||
@ -41,10 +49,10 @@ function soft_restart() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
debug "Releasing DHCP IP lease on ${WAN}"
|
debug "Releasing DHCP IP lease on ${WAN}"
|
||||||
release dhcp interface ${WAN}
|
$cw release dhcp interface ${WAN}
|
||||||
|
|
||||||
debug "Disabling ${WAN} interface"
|
debug "Disabling ${WAN} interface"
|
||||||
interfaceDown ${WAN}
|
$cw interfaceDown ${WAN}
|
||||||
|
|
||||||
debug "Waiting ${SOFT_WAIT_TIME}"
|
debug "Waiting ${SOFT_WAIT_TIME}"
|
||||||
sleep ${SOFT_WAIT_TIME}
|
sleep ${SOFT_WAIT_TIME}
|
||||||
@ -53,7 +61,7 @@ function soft_restart() {
|
|||||||
interfaceUp ${WAN}
|
interfaceUp ${WAN}
|
||||||
|
|
||||||
debug "Renewing DHCP IP lease on ${WAN}"
|
debug "Renewing DHCP IP lease on ${WAN}"
|
||||||
renew dhcp interface ${WAN}
|
$cw renew dhcp interface ${WAN}
|
||||||
|
|
||||||
debug "Waiting for ip lease from dhcp (${DHCP_WAIT_TIME}s)"
|
debug "Waiting for ip lease from dhcp (${DHCP_WAIT_TIME}s)"
|
||||||
sleep ${DHCP_WAIT_TIME}
|
sleep ${DHCP_WAIT_TIME}
|
||||||
@ -61,7 +69,7 @@ function soft_restart() {
|
|||||||
|
|
||||||
function hard_restart() {
|
function hard_restart() {
|
||||||
debug "Releasing DHCP IP lease on ${WAN}"
|
debug "Releasing DHCP IP lease on ${WAN}"
|
||||||
release dhcp interface ${WAN}
|
$cw release dhcp interface ${WAN}
|
||||||
|
|
||||||
debug "Disabling ${WAN} interface"
|
debug "Disabling ${WAN} interface"
|
||||||
interfaceDown ${WAN}
|
interfaceDown ${WAN}
|
||||||
@ -82,7 +90,7 @@ function hard_restart() {
|
|||||||
interfaceUp ${WAN}
|
interfaceUp ${WAN}
|
||||||
|
|
||||||
debug "Renewing DHCP IP lease on ${WAN}"
|
debug "Renewing DHCP IP lease on ${WAN}"
|
||||||
renew dhcp interface ${WAN}
|
$cw renew dhcp interface ${WAN}
|
||||||
}
|
}
|
||||||
|
|
||||||
function ping() {
|
function ping() {
|
||||||
|
@ -1 +1,3 @@
|
|||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwTqV2idle6AQj179tAuAxZzodtTb2aMJKIEnL+tXfdsKsoc8kfQV3JMtq53hk6jRcH/9+FamCBqP/2s1xT4elKAZ7GWYBMi4HqGr8Qr7I1sK2m9dydrmW+iepmhGNDdKlYkEFc8aM9blbCTEN9RqqJiSomzDAIZQWiV2E/18MIxu3WYKJ561uzILkmB9o7UJbdAgOGbk6+GkBIwGCX5CwlX4Ro8wLv/i55/bg03N1lAbsCeDqaZX7ikiy2hnxAFH/EuY2g2WK4x9yUjhUe1MnCZy5SealSP76b9BHyJVYrxGVyAZOtlnewEXzbJXnyHGQg00hXeT8YtTlMSXaQVih pgrondek@farnsworth
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwTqV2idle6AQj179tAuAxZzodtTb2aMJKIEnL+tXfdsKsoc8kfQV3JMtq53hk6jRcH/9+FamCBqP/2s1xT4elKAZ7GWYBMi4HqGr8Qr7I1sK2m9dydrmW+iepmhGNDdKlYkEFc8aM9blbCTEN9RqqJiSomzDAIZQWiV2E/18MIxu3WYKJ561uzILkmB9o7UJbdAgOGbk6+GkBIwGCX5CwlX4Ro8wLv/i55/bg03N1lAbsCeDqaZX7ikiy2hnxAFH/EuY2g2WK4x9yUjhUe1MnCZy5SealSP76b9BHyJVYrxGVyAZOtlnewEXzbJXnyHGQg00hXeT8YtTlMSXaQVih pgrondek@hulk
|
||||||
|
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILjWAJ3h6cc+gM3MaAW+1tKCvbM3OkZLDJT+140sB6jH pgrondek@hawkeye
|
||||||
|
@ -1,8 +1,15 @@
|
|||||||
---
|
---
|
||||||
- become: yes
|
- become: yes
|
||||||
block:
|
block:
|
||||||
|
- name: check if help in motd exists
|
||||||
|
stat:
|
||||||
|
path: /etc/update-motd.d/10-help-text
|
||||||
|
register: stat_result
|
||||||
|
|
||||||
- name: disable help in ubuntu
|
- name: disable help in ubuntu
|
||||||
when: ansible_distribution == "Ubuntu"
|
when:
|
||||||
|
- ansible_distribution == "Ubuntu"
|
||||||
|
- stat_result.stat.exists
|
||||||
file:
|
file:
|
||||||
path: /etc/update-motd.d/10-help-text
|
path: /etc/update-motd.d/10-help-text
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
|
@ -2,3 +2,7 @@
|
|||||||
- import_tasks: cleanup.yml
|
- import_tasks: cleanup.yml
|
||||||
|
|
||||||
- import_tasks: timezone.yml
|
- import_tasks: timezone.yml
|
||||||
|
|
||||||
|
- import_tasks: snap.yml
|
||||||
|
|
||||||
|
- import_tasks: packages.yml
|
12
roles/ubuntu/tasks/packages.yml
Normal file
12
roles/ubuntu/tasks/packages.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
- name: install needed tools
|
||||||
|
become: true
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
pkg:
|
||||||
|
- bash-completion
|
||||||
|
- vim
|
||||||
|
- aptitude
|
||||||
|
- git
|
||||||
|
- make
|
||||||
|
- molly-guard
|
19
roles/ubuntu/tasks/snap.yml
Normal file
19
roles/ubuntu/tasks/snap.yml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
- become: yes
|
||||||
|
block:
|
||||||
|
- name: Get the list of services
|
||||||
|
service_facts:
|
||||||
|
|
||||||
|
- name: stop snapd
|
||||||
|
systemd:
|
||||||
|
name: snapd
|
||||||
|
state: stopped
|
||||||
|
when: "'snapd.service' in services"
|
||||||
|
|
||||||
|
- name: uninstall snapd
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
state: absent
|
||||||
|
purge: yes
|
||||||
|
pkg:
|
||||||
|
- snapd
|
Loading…
Reference in New Issue
Block a user